CLAIMS 

What is claimed is: 



11. A method of establishing a secure communication session among a plurality of 

2 member nodes that participate in a multicast group across a wide area network, 

3 comprising the steps of: 

4 receiving information defining a plurality of multicast proxy service nodes that are 

5 distributed across a local area network that is coupled to the wide area 

6 network and for controlling when any of the member nodes join or leave the 

7 multicast group, wherein the multicast proxy service nodes are logically 

8 represented by a first binary tree; 

9 creating and storing a second binary tree for representing the member nodes, wherein 

I o each of the member nodes is represented by a leaf node of the second binary 

I I tree, that is stored in a domain of a directory service that is distributed across 

12 the wide area network, and wherein each of the member nodes is capable of 

13 establishing multicast communication and serving as a key distribution center; 

14 creating and storing a group session key associated with the multicast group and a 

1 5 private key associated with each node in a group using secure key exchange; 

1 6 when one of the member nodes joins the multicast group, determining a new group 

1 7 session key by replicating a branch of the second binary tree. 

12. A method as recited in Claim 1 , wherein each of the member nodes is associated with 

2 one of the multicast proxy service nodes, wherein each of the multicast proxy service 

3 nodes acts as one of a plurality of replicated group controllers, further comprising the 

4 steps of: 

5 joining one of the group controllers to the plurality of replicated group controllers in 

6 the local area network; 

7 establishing, by one of the group controllers, a secure communication channel 

8 between one of the group controllers and another of the group controllers 

9 using a key exchange protocol; 
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1 0 receiving a request to add or delete the specified member node of the multicast group 

1 1 from a load balancer that is coupled to the plurality of group controllers; 

12 creating and storing a new group session key for each member node in each branch of 

1 3 the tree that is affected by adding or deleting the specified member node from 

14 the group; 

1 5 distributing the new group session key from one of the group controllers to the 

1 6 affected member nodes. 

1 3. A method as recited in Claim 2, wherein distributing a group session key further 

2 comprises: 

3 receiving a token value at the group controller to designate the group controller as 

4 having permission to selectively generate the new group session key and to 

5 generate node keys associated with the affected intermediate nodes and the 

6 leaf nodes; and 

7 creating and storing the new group session key only when the group controller has the 

8 token value. 

1 4. A method as recited in Claim 2, wherein distributing a group session key further 

2 comprises: 

3 determining whether the multicast group has a node that is leaving the multicast 

4 group; 

5 determining which of the intermediate nodes are affected by the leaving node; 

6 updating only keys associated with the affected intermediate nodes; 

7 generating a new group session key; and 

8 sending the new group session key to the leaf nodes. 

15. A method as recited in Claim 4, wherein updating keys comprises: 

2 generating a new key of a parent node of the leaving node; and 

3 encrypting the new key of the parent node with an existing key of the member node 

4 that is adjacent to the parent node. 
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1 6. A method as recited in Claim 2, wherein distributing a group session key farther 

2 comprises: 

3 receiving a request message from one of the plurality of member nodes to join the 

4 multicast group; 

5 determining which of the intermediate nodes are affected by the joining node; 

6 updating only keys associated with the affected intermediate nodes; 

7 generating a new group session key and a private key for the joining node; and 

8 sending a message comprising the new group session key, the private key, and the 

9 updated keys of affected intermediate nodes to the joining node. 

1 7. A method as recited in Claim 6, wherein updating keys comprises performing a one 

2 way hash function on the keys associated with the affected intermediate nodes. 

1 8. A method as recited in Claim 2, wherein establishing a secure communication 

2 channel comprises exchanging a public key of the group controller with all other 

3 group controllers in the plurality of replicated group controllers based upon optimized 

4 broadcast Diffie-Hellman protocol . 

1 9. A method as recited in Claim 2, wherein establishing a secure communication 

2 channel comprises: 

3 receiving a public key value that is broadcast by the joining node; 

4 sending a collective public key value from the nodes to the joining node; 

5 computing a shared secret key; 

6 creating and storing a group shared secret key by exchanging private key values. 

1 10. A method as recited in Claim 1 , wherein determining a new group session key 

2 comprises computing a group shared secret key at a first member node for use in a 

3 public key process and using less than n * (n-1) messages, where "n" is a number of 

4 member nodes in a broadcast or multicast group, by the steps of: 
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generating an intermediate shared secret key by issuing communications to a second 
member node; 

sending a first private value associated with the first member node to the second 

member node, and receiving from the second member node a second private 
value associated with the second member node using the intermediate shared 
secret key; 

generating and communicating a collective public key that is based upon the first 
private value and the second private value to a third member node of the 
network; 

receiving an individual public key from the third member node; and 
computing and storing the group shared secret key based upon the individual public 
key. 



11. A method as recited in Claim 1 0, further comprising: 

joining the first member node to an initial multicast group in response to generating 

the intermediate shared secret key; and 
joining a second member node to a new multicast group that subsumes the initial 

multicast group after receiving the individual public key. 



12. A method as recited in Claim 1 0, wherein the step of communicating the collective 
public key further comprises determining whether the first member node or the 
second member node transfers the collective public key based upon an order of entry 
of such member nodes into a multicast group. 



13. A method as recited in Claim 1 0, wherein sending the first private value and 

receiving the second private value further comprises computing the first private value 
as a random integer and receiving a second random integer as the second private 
value. 



14. A method as recited in Claim 10, further comprising the step of establishing a 

cryptographic communication session between the first member node and the second 
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3 member node, whereby secure communications are established between the first 

4 member node and the second member node using public key exchange and only 

5 approximately 2n + 2(n-l) total messages, wherein n represents a number of the 

6 member nodes. 

1 15. A method as recited in Claim 1 0, wherein generating the shared secret key value 

2 comprises computing and storing the shared secret key value "k" at the first member 

3 node according to the relation 

4 k = C ab mod (q) = p abc mod (q) 

5 wherein C, a, b, c, q, and p are values stored in a memory, and wherein C is the 

6 individual public key, a is the private value of the first member node, b is the 

7 private value of the second member node, c is a third private value of the third 

8 member node, p is a base value, and q is a prime number value. 

1 16. A method as recited in Claim 1 , wherein determining a new group session key 

2 comprises computing a group shared secret key, each of the member nodes having a 

3 private key value associated therewith, by the steps of: 

4 communicating a first public key value of the first member node to a second member 

5 node; 

6 creating and storing an initial shared secret key for the first member node and second 

7 member node based on a first private key value and a second public key value 

8 that is received from the second member node; 

9 creating and storing information at the first member node that associates the first 

1 0 member node with a first network communication entity by generating a 

1 1 collective public key value that is shared by the first member node and a 

12 second member node and based on the first private key value and a second 

1 3 private key value that is derived by the first member node from the second 

1 4 public key value; 

1 5 receiving a third public key value from a third member node that seeks to join the first 

1 6 network communication entity; 
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1 7 creating and storing a shared secret key value based on the collective public key value 

1 8 and the third public key value; 

1 9 joining the first member node to a second network communication entity that includes 

20 the first network communication entity and the third member node and that 

21 uses secure communication with messages that are encrypted using the shared 

22 secret key value. 

1 17. A method as recited in Claim 16, wherein joining the first member node to a second 

2 network communication entity includes the step of communicating the first private 

3 key value to the second member node and to the third member node using messages 

4 encrypted using the shared secret key value. 

1 18. A method as recited in Claim 1 6, wherein creating and storing a shared secret key 

2 value further comprises creating and storing the shared secret key based upon how 
2 3 many times each member node of the second network communication entity has 

^ 4 participated in formation of any such entity and based upon each private number of 

s 5 each member node in the second network communication entity. 

i 19. A method as recited in Claim 1 6, further comprising the step of creating and storing a 

Q 2 subsequent shared secret key for use by the first network communication entity and 

^ 3 the third node to enable the third node to independently compute the group shared 

4 secret key. 

1 20. A method as recited in Claim 1 9, wherein creating and storing the subsequent shared 

2 secret key comprises creating and storing the subsequent shared secret key, k, 

3 according to the relation 

4 k = p (a * x)(b * y)(c * z) mod(q) 

5 where p = a random number, q = a prime number, a = the first private key value, b = 

6 the second private key value, c = a private key value of the third member node, x = a 

7 number of times the first member node has participated in entity formation, y = a 
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8 number of times the second member node has participated in entity formation, and z 

9 = a number of times the third member node has participated in entity formation. 



1 21. A method as recited in Claim 1 6, wherein the step of joining the first member node to 

2 a second network communication entity further comprises: 

3 creating and storing a collective public key based upon the first private key value, the 

4 second private key value, and the third private key value; 

5 communicating a collective public key of the second network communication entity 

6 to the third member node. 

1 22. A method as recited in Claim 1 6, wherein the step of joining the first member node to 

2 a second network communication entity further comprises determining which one of 

3 the member nodes of the first network communication entity is designated to transfer 

4 the collective public key based upon order of entry into the formed entity. 

1 23 . A method as recited in Claim 1 6, wherein creating and storing an initial shared secret 

2 key for the first member node and second member node comprises creating and 

3 storing an initial shared public key "AB" according to the relation 

4 AB = k ab ab mod (q) = p (ab)(ab) mod (q) 

5 wherein k = the initial shared secret key value, a = the first private key value, b = the 

6 second private key value, p is a base value, and q is a randomly generated prime 

7 number value. 

1 24. A method as recited in Claim 1 , further comprising the steps of: 

2 authenticating a first event service node with a subset of the event service nodes that 

3 are affected by an addition of the first event service node to the multicast 

4 group, based on key information stored in a directory; 

5 receiving a plurality of private keys from the subset of nodes; 

6 generating a new private key for the first event service node; 

7 communicating the plurality of private keys and the new private key to the first event 

8 service node; 
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9 communicating a message to the subset of nodes that causes the subset of nodes to 

1 0 update their private keys. 

1 25. A method as recited in Claim 24, wherein authenticating the plurality of event service 

2 nodes based on information stored in a directory includes authenticating the plurality 

3 of event service nodes based on a directory that comprises a directory system agent 

4 (DSA) for communicating with one or more of the event service nodes and a 

5 replication service agent (RSA) for replicating attribute information of the one or 

6 more event service nodes. 

1 26. A method as recited in Claim 24, wherein authenticating the plurality of event service 

2 nodes based on information stored in a directory includes authenticating the plurality 

3 of event service nodes based on a directory that comprises a directory system agent 

4 (DSA) for communicating with one or more of the event service nodes and a 

5 replication service agent (RSA) for replicating attribute information of the one or 

6 more event service nodes, wherein the attribute information comprises a group 

7 session key and the private keys 

1 27. A method as recited in Claim 24, wherein generating private keys comprises 

2. generating private keys for each of the intermediate nodes and leaf nodes, the private 

3 keys providing unique identification within the tree structure, and wherein each 

4 private key is N bits in length, wherein each bit corresponds to one of the private 

5 keys, and N is an integer. 

1 28. A method as recited in Claim 24, further comprising distributing a group session key 

2 to all nodes by creating and storing the group session key using a first event service 

3 node of one domain of the directory; replicating the directory; and obtaining the 

4 group session key from a local event service node that is a replica of the first event 

5 service node. 
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1 29. A method as recited in Claim 24, wherein generating private keys comprises 

2 generating private keys for each of the intermediate nodes and leaf nodes, the private 

3 keys providing unique identification within the tree structure, and wherein each 

4 private key is N bits in length, wherein each bit corresponds to one of the private 

5 keys, and N is an integer; and wherein the most significant bits of the N bits 

6 correspond to nodes logically near the root node in the tree structure. 

1 30. A method as recited in Claim 24, further comprising selectively updating a group 

2 session key for use in encrypting communications among all nodes in the multicast 

3 group and selectively updating the private keys. 

1 31. A method as recited in Claim 30, further comprising selectively updating the group 

2 session key and the private keys by: 

3 detecting whether a network node associated with one of the leaf nodes is leaving the 

4 secure multicast or broadcast group; 

5 determining tree nodes along a tree path corresponding to the leaving leaf node are 

6 affected in response to the detecting step; 

- 7 updating the private keys of the affected intermediate nodes; 

8 generating a new group session key; 

9 modifying the attribute information based upon the updated private keys and the new 

10 group session key; and 

1 1 generating instructions that distribute the modified attribute information using 

1 2 directory replication. 

1 32. A method as recited in Claim 3 1 , wherein the step of generating the new group 

2 session key is performed by one of the affected intermediate nodes that is the parent 

3 node of the leaving leaf node, the one affected intermediate node selectively sending 

4 the new group session key to all ancestral nodes along the tree path. 
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33. 



A method as recited in Claim 31, wherein the step of updating the private keys of the 
intermediate nodes comprises performing a one way hash function on the private keys 
in response to receiving a corresponding instruction from the root node. 



1 34. A method as recited in Claim 24, further comprising selectively updating a group 

2 session key and the private keys, wherein the step of selectively updating comprises: 

3 receiving a request message from a new network node to join the secure multicast 

4 group; 

5 determining which of the intermediate nodes along a tree path corresponding to the 

6 new leaf node are affected in response to the receiving step; 

7 updating the private keys of the affected intermediate nodes; 

8 generating a new group session key and a private key of the new leaf node; 

9 modifying the attribute information based upon the updated private keys, the new 

1 0 group session key, and the private key of the new leaf node; and 

1 1 distributing the modified attribute information using directory replication. 

1 35. A method as recited in Claim 34, wherein one of the affected intermediate nodes that 

2 is the parent node of the new leaf node requests permission from the root node to 

3 generate the new session key. 

1 36. A method as recited in Claim 34, wherein the step of updating the private keys of the 

2 intermediate nodes comprises performing a one way hash function on the private keys 

3 in response to receipt of a corresponding instruction from the root node. 

1 37. A method as recited in Claim 34, wherein generating the private keys comprises 

2 generating the private keys based upon an Internet Protocol (IP) address and time 

3 values. 

1 
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1 38. A method as recited in Claim 1 , further comprising the steps of: 

2 creating and storing a group session key associated with the multicast group in the 

3 directory service; 

4 authenticating a first multicast proxy service node with a subset of the multicast 

5 proxy service nodes that are affected by an addition of the first multicast 

6 proxy service node to the multicast group, based on the group session key 

7 stored in the directory; 

8 receiving a plurality of private keys from the subset of nodes; 

9 receiving a new group session key for the multicast group, for use after addition of 

10 the first multicast proxy service node, from a local multicast proxy service 

1 1 node that has received the group session key through periodic replication of 

12 the directory; 

1 3 communicating the new group session key private key to the first multicast proxy 

14 service node; 

1 5 communicating a message to the subset of nodes that causes the subset of nodes to 

1 6 update their private keys. 

1 39. A method as recited in Claim 38, wherein authenticating the plurality of multicast 

2 proxy service nodes includes authenticating the plurality of multicast proxy service 

3 nodes using a directory system agent (DS A) that communicates with one or more of 

4 the multicast proxy service nodes and a replication service agent (RS A) that replicates 

5 attribute information of the one or more multicast proxy service nodes. 

1 40. A method as recited in Claim 38, wherein receiving a new group session key includes 

2 receiving the new group session key from a directory system agent (DS A) for 

3 communicating with one or more of the multicast proxy service nodes and a 

4 replication service agent (RSA) for replicating key information of the one or more 

5 multicast proxy service nodes. 

1 41 . A method as recited in Claim 38, further comprising the step of signaling the 
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2 replication service agent to carry out replication by storing an updated group session 

3 key in a local node of the directory. 

1 42. A method as recited in Claim 38, further comprising distributing a group session key 

2 to all nodes by creating and storing the group session key using a first multicast proxy 

3 service node of one domain of the directory; replicating the directory; and obtaining 

4 the group session key from a local multicast proxy service node that is a replica of the 

5 first multicast proxy service node. 

1 43. A method as recited in Claim 38, further comprising distributing a group session key 

2 to all nodes by creating and storing the group session key using a first multicast proxy 

3 service node of one domain of the directory; replicating the directory; and obtaining 

4 the group session key from a local multicast proxy service node that is a replica of the 

5 first multicast proxy service node. 

1 44. A method as recited in Claim 38, wherein determining a new group session key 

2 comprises the steps of: 

3 receiving information indicating that a specified node is joining the multicast group; 

4 updating all affected keys of a subset of member nodes in a branch of the second 

5 binary tree that contains the specified joining node; 

6 receiving a new group session key for the multicast group, for use after addition of 

7 the specified joining node, and a new private key for the specified joining 

8 node, from one of the member nodes that is local to the specified joining 

9 node; 

10 communicating a message to the subset of member nodes that causes the subset of 

1 1 member nodes to update their private keys. 

1 45. A method as recited in Claim 38, further comprising the steps of: 

2 associating a plurality of intermediate nodes of the binary tree with a plurality of 

3 multicast service agents; 

4 establishing a secure back channel group among the multicast service agents; 
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5 updating the group session key to all the multicast service agents by securely 

6 communicating the group session key using the secure back channel. 

1 46. A method as recited in Claim 38, further comprising the steps of: 

2 associating a plurality of intermediate nodes of the binary tree with a plurality of 

3 multicast service agents, wherein the multicast service agents are distributed 

4 across a wide area network; 

5 establishing a secure back channel group among the multicast service agents; 

6 updating the group session key to all the multicast service agents across the wide area 

7 network by securely communicating the group session key using the secure 

8 back channel. 

1 47. A method as recited in Claim 38, further comprising the steps of: 

2 associating a plurality of intermediate nodes of the binary tree with a plurality of 

3 multicast service agents; 

4 establishing a secure back channel group among the multicast service agents; 

5 updating the group session key to all the multicast service agents by securely 

6 communicating the group session key using the secure back channel; 

7 at each intermediate node, updating the group session key of only those leaf nodes 

8 that are child nodes of the intermediate node. 

1 48. A method as recited in Claim 38, further comprising the steps of: 

2 receiving a request for the group session key from a publisher node that is located in a 

3 different domain from the group controller node; 

4 determining an identifier of the publisher node using a local directory service agent; 

5 establishing a secure communication channel among the group controller node and a 

6 directory service agent in the different domain. 

1 49. The method as recited in Claim 38, further comprising selectively updating the group 

2 session key and the private keys by: 

3 detecting whether a network node is leaving the secure multicast or broadcast group; 

* 62 

50325-108 (1590) 



4 determining nodes that are affected in response to the detecting step; 

5 updating the private keys of the affected intermediate nodes; 

6 generating a new group session key; 

7 modifying the attribute information based upon the updated private keys and the new 

8 group session key; and 

9 requesting to distribute the modified attribute information using directory replication. 

1 50. A method as recited in Claim 38, further comprising selectively updating a group 

2 session key and the private keys, wherein the step of selectively updating comprises: 

3 receiving a request message from a new network node to join the secure multicast 

4 group; 

5 determining which of the intermediate nodes are affected in response to the receiving 

6 step; 

7 updating the private keys of the affected intermediate nodes; 

8 generating a new group session key and a private key of the new node; 

9 modifying the attribute information based upon the updated private keys, the new 

1 0 group session key, and the private key of the new node; and 

1 1 distributing the modified attribute information to all the affected nodes. 

1 51. A method as recited in Claim 1 , further comprising managing removal of a first node 

2 from the secure multicast group that comprises the first node and a plurality of the 

3 multicast proxy service nodes, by the steps of: 

4 creating and storing a group session key associated with the multicast group and a 

5 private key associated with each node in a directory; 

6 receiving information indicating that the first node is leaving the multicast group; 

7 updating all affected keys of a subset of nodes in a branch of the binary tree that 

8 contains the leaving node; 

9 receiving a new group session key for the multicast group, for use after removal of 

1 0 the first node, and a new private key for the first node, from a local group 

1 1 controller node; 
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12 communicating a message to the subset of nodes that causes the subset of nodes to 

1 3 update their private keys. 



1 52. A method as recited in Claim 51, further comprising the steps of: 

2 associating a plurality of intermediate nodes of the binary tree with a plurality of 

3 multicast service agents; 

4 establishing a secure back channel group among the multicast service agents; 

5 changing a private key associated with one of the intermediate nodes, in response to 

6 receiving information indicating that the first node is leaving the multicast 

7 group; 

8 updating a group controller of the binary tree with the changed private key by sending 

9 the changed private key by securely communicating using the secure back 
10 channel 

1 53 . A method as recited in Claim 5 1 , further comprising the steps of: 

2 associating a plurality of intermediate nodes of the binary tree, including the first 

3 node, with a plurality of multicast service agents; 

4 establishing a secure back channel group among the multicast service agents; 

5 changing a plurality of private keys associated with all nodes that are child nodes of 

6 the first node, in response to receiving information indicating that the first 

7 node is leaving the multicast group; 

8 updating a group controller of the binary tree with the changed private keys by 

9 decrypting the group session key from the group controller and then 
1 0 encrypting the group session key with the changed private keys. 

1 54. A method as recited in Claim 5 1 , further comprising the steps of: 

2 associating a plurality of intermediate nodes of the binary tree with a plurality of 

3 multicast service agents; 

4 establishing a secure back channel group among the multicast service agents; 

5 updating the group session key to all the multicast service agents by securely 

6 communicating the group session key using the secure back channel; 
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7 at each intermediate node, updating the group session key of only those leaf nodes 

8 that are child nodes of the intermediate node. 

1 55. A method as recited in Claim 5 1 , further comprising the steps of: 

2 receiving a request for the group session key from a publisher node that is located in a 

3 different domain from the group controller node; 

4 determining an identifier of the publisher node using a local directory service agent; 

5 establishing a secure communication channel among the group controller node and a 

6 directory service agent in the different domain. 

1 56. A method as recited in Claim 5 1 , further comprising distributing a group session key 

□ 2 to all nodes by creating and storing the group session key using a first multicast proxy 

™: 3 service node of one domain of the directory; replicating the directory; and obtaining 

f t! 4 the group session key from a local multicast proxy service node that is a replica of the 

% 5 first multicast proxy service node. 

s 1 57. A communication system for establishing a secure communication session among a 

f7 2 plurality of member nodes that participate in a multicast group across a wide area 

iM 3 network, the communication system comprising: 

f % 4 a group controller that creates and manages secure multicast communication among 
U" ; 5 the other multicast proxy service nodes, having a private key; 

6 a computer-readable medium comprising one or more instructions which, when 

7 executed by one or more processors, cause the one or more processors to carry 

8 out the steps of: 

9 establishing a plurality of multicast proxy service nodes that are distributed 

1 0 across a local area network that is coupled to the wide area network 

1 1 and for controlling when any of the member nodes join or leave the 

12 multicast group, wherein the multicast proxy service nodes are 

1 3 logically represented by a first binary tree; 

14 creating and storing a second binary tree for representing the member nodes, 

1 5 wherein each of the member nodes is represented by a leaf node of the 
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1 6 second binary tree, that is stored in a domain of a directory service that 

1 7 is distributed across the wide area network, and wherein each of the 

1 8 member nodes is capable of establishing multicast communication and 

1 9 serving as a key distribution center; 

20 creating and storing a group session key associated with the multicast group 

21 and a private key associated with each node in a group using secure 

22 key exchange; 

23 when one of the member nodes joins the multicast group, determining a new 

24 group session key by replicating a branch of the second binary tree. 

1 58. A computer-readable medium carrying one or more sequences of instructions for 

2 establishing a secure communication session among a plurality of member nodes that 

3 participate in a multicast group across a wide area network, wherein execution of the 

4 one or more sequences of instructions by one or more processors causes the one or 

5 more processors to perform the steps of: 

6 establishing a plurality of multicast proxy service nodes that are distributed across a 

7 local area network that is coupled to the wide area network and for controlling 

8 when any of the member nodes join or leave the multicast group, wherein the 

9 multicast proxy service nodes are logically represented by a first binary tree; 
10 creating and storing a second binary tree for representing the member nodes, wherein 
\ 1 1 each of the member nodes is represented by a leaf node of the second binary 

12 tree, that is stored in a domain of a directory service that is distributed across 

13 the wide area network, and wherein each of the member nodes is capable of 

14 establishing multicast communication and serving as a key distribution center; 

15 creating and storing a group session key associated with the multicast group and a 

16 private key associated with each node in a group using secure key exchange; 

1 7 when one of the member nodes joins the multicast group, determining a new group 

1 8 session key by replicating a branch of the second binary tree. 
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